Export limit exceeded: 44729 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44729 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9569 | 2 Sun.net, Sunnet | 2 Ehrd Ctms, Ehrd Ctms | 2025-09-25 | 6.1 Medium |
| The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | ||||
| CVE-2025-9353 | 2 Themify, Wordpress | 2 Themify Builder, Wordpress | 2025-09-25 | 6.4 Medium |
| The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.6.9. | ||||
| CVE-2025-9798 | 1 Netcad | 1 Netigma | 2025-09-25 | 8.9 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows Stored XSS.This issue affects Netigma: from 6.3.3 before 6.3.5 V8. | ||||
| CVE-2025-55143 | 1 Ivanti | 5 Connect Secure, Neurons For Secure Access, Policy Secure and 2 more | 2025-09-24 | 6.1 Medium |
| Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required. | ||||
| CVE-2022-43015 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter. | ||||
| CVE-2022-43016 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component. | ||||
| CVE-2022-43017 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. | ||||
| CVE-2022-43018 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. | ||||
| CVE-2022-43014 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.1 Medium |
| OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. | ||||
| CVE-2023-4663 | 1 Adobe | 1 Connect | 2025-09-24 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.This issue affects Saphira Connect: before 9. | ||||
| CVE-2024-53459 | 1 Sysax | 1 Multi Server | 2025-09-24 | 6.1 Medium |
| Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. | ||||
| CVE-2024-13199 | 1 Mtons | 1 Mblog | 2025-09-24 | 3.5 Low |
| A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8902 | 2025-09-24 | 6.4 Medium | ||
| The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'do_sidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-50859 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | 6.1 Medium |
| Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter. | ||||
| CVE-2025-50858 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | 6.1 Medium |
| Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter. | ||||
| CVE-2023-3726 | 1 Ocsinventory-ng | 1 Ocsinventory-ocsreports | 2025-09-24 | 6.9 Medium |
| OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | ||||
| CVE-2023-2507 | 1 Clevertap | 1 Clevertap | 2025-09-24 | 9.3 Critical |
| CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | ||||
| CVE-2025-53504 | 2 Group-office, Intermesh | 2 Group Office, Group-office | 2025-09-24 | N/A |
| Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser. | ||||
| CVE-2025-25973 | 1 Yandaozi | 1 Ppress | 2025-09-23 | 6.5 Medium |
| A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters. | ||||
| CVE-2025-57602 | 1 Aikaan | 1 Iot Management Platform | 2025-09-23 | 9.8 Critical |
| Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can lead to remote code execution, information disclosure, and privilege escalation across customer environments. | ||||